Security audit

Iran War Tracker V2

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Iran-conflict news and market tracker, but it relies on third-party data services and includes an embedded Jin10 service token.

Install only if you are comfortable with the agent sending news keywords, market symbols, and fetched URLs to external data services. Review any AlphaVantage, Tavily, or Tushare keys in your environment before running it, and treat the embedded Jin10 token as a reliability and credential-hygiene risk that the publisher should rotate or replace with user-provided configuration.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill invokes external scripts, MCP access, network retrieval, and likely local file/template loading, yet no permissions are declared. This creates a transparency and governance gap: users and platforms cannot accurately assess what resources the skill may access, increasing the risk of overbroad data access or unintended side effects when the skill runs.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The skill’s declared behavior materially differs from the detected behavior and referenced data flows, including undisclosed external sources and missing implementation for core claimed features. This is dangerous because users may authorize or trust the skill for one purpose while it performs broader collection or produces outputs without the promised validation framework, creating both security and integrity risks.

Context-Inappropriate Capability

Medium

Confidence: 99% confidence
Finding: The file contains a hardcoded bearer token for an external MCP service, which is a real secret exposure issue. Anyone with access to the code can reuse the credential to consume the third-party service, impersonate the skill, exhaust quota, or access data under the skill author's account; the geopolitical-analysis context does not justify embedding a reusable production credential in source.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal